diff --git a/include/PortContactStats.h b/attic/include/PortContactStats.h
similarity index 100%
rename from include/PortContactStats.h
rename to attic/include/PortContactStats.h
diff --git a/src/PortContactStats.cpp b/attic/src/PortContactStats.cpp
similarity index 100%
rename from src/PortContactStats.cpp
rename to attic/src/PortContactStats.cpp
diff --git a/include/Flow.h b/include/Flow.h
index 4053aef2d1a6..b6e7788b7c99 100644
--- a/include/Flow.h
+++ b/include/Flow.h
@@ -62,7 +62,7 @@ class Flow : public GenericHashEntry {
 bool detection_completed, extra_dissection_completed, twh_over, twh_ok, dissect_next_http_packet, passVerdict, l7_protocol_guessed, flow_dropped_counts_increased,
- good_tls_hs, update_flow_port_stats,
+ good_tls_hs,
 quota_exceeded, has_malicious_cli_signature, has_malicious_srv_signature;
 #ifdef ALERTED_FLOWS_DEBUG
 bool iface_alert_inc, iface_alert_dec;
diff --git a/include/Host.h b/include/Host.h
index 5c91164f784a..cd46232bf4d4 100644
--- a/include/Host.h
+++ b/include/Host.h
@@ -352,10 +352,6 @@ class Host : public GenericHashEntry, public AlertableEntity {
 void setResolvedName(const char * const resolved_name);
 inline Fingerprint* getJA3Fingerprint() { return(&fingerprints.ja3); }
 inline Fingerprint* getHASSHFingerprint() { return(&fingerprints.hassh); }
- virtual void setFlowPort(bool as_server, Host *peer, u_int8_t protocol,
- u_int16_t port, u_int16_t l7_proto,
- const char *info, time_t when) { ; }
- virtual void luaPortsDump(lua_State* vm) { lua_pushnil(vm); }
 void setPrefsChanged() { prefs_loaded = false; }
 virtual void reloadPrefs() {}
diff --git a/include/LocalHost.h b/include/LocalHost.h
index b6c2efa1107a..140419d1d55e 100644
--- a/include/LocalHost.h
+++ b/include/LocalHost.h
@@ -30,7 +30,6 @@ class LocalHost : public Host, public SerializableElement {
 bool systemHost;
 time_t initialization_time;
 HostTimeseriesPoint *initial_ts_point;
- std::map udp_client_ports, tcp_client_ports, udp_server_ports, tcp_server_ports;
 /* LocalHost data: update LocalHost::deleteHostData when adding new fields */
 OperatingSystem os;
@@ -44,10 +43,6 @@ class LocalHost : public Host, public SerializableElement {
 char* getMacBasedSerializationKey(char *redis_key, size_t size, char *mac_key);
 char* getIpBasedSerializationKey(char *redis_key, size_t size);
- void ports2Lua(lua_State* vm, bool proto_udp, bool as_client);
- void updateFlowPort(std::map *c, Host *peer,
- u_int16_t port, u_int16_t l7_proto,
- const char *info, time_t when);
 public:
 LocalHost(NetworkInterface *_iface, Mac *_mac, u_int16_t _vlanId, IpAddress *_ip);
@@ -89,9 +84,6 @@ class LocalHost : public Host, public SerializableElement {
 virtual void lua(lua_State* vm, AddressTree * ptree, bool host_details, bool verbose, bool returnHost, bool asListElement);
 virtual void tsLua(lua_State* vm);
- void luaPortsDump(lua_State* vm);
- void setFlowPort(bool as_server, Host *peer, u_int8_t proto, u_int16_t port,
- u_int16_t l7_proto, const char *info, time_t when);
 };
 #endif /* _LOCAL_HOST_H_ */
diff --git a/include/ntop_includes.h b/include/ntop_includes.h
index 34a1afe4074c..f2b4ca777978 100644
--- a/include/ntop_includes.h
+++ b/include/ntop_includes.h
@@ -374,7 +374,6 @@ using namespace std;
 #include "TimeseriesStats.h"
 #include "HostStats.h"
 #include "LocalHostStats.h"
-#include "PortContactStats.h"
 #include "HostScore.h"
 #include "Bin.h"
 #include "FlowDurationBin.h"
diff --git a/src/Flow.cpp b/src/Flow.cpp
index eef311d8f391..ee4f7059cf27 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -50,7 +50,7 @@ Flow::Flow(NetworkInterface *_iface,
 peers_score_accounted = false;
 status_infos = NULL;
- detection_completed = update_flow_port_stats = false;
+ detection_completed = false;
 extra_dissection_completed = false;
 ndpiDetectedProtocol = ndpiUnknownProtocol;
 doNotExpireBefore = iface->getTimeLastPktRcvd() + DONT_NOT_EXPIRE_BEFORE_SEC;
@@ -747,7 +747,6 @@ void Flow::setProtocolDetectionCompleted() {
 processDetectedProtocol();
 detection_completed = true;
- update_flow_port_stats = true;
 #ifdef BLACKLISTED_FLOWS_DEBUG
 if(ndpiDetectedProtocol.category == CUSTOM_CATEGORY_MALWARE) {
@@ -1384,59 +1383,6 @@ void Flow::periodic_stats_update(void *user_data) {
 Mac *cli_mac = get_cli_host() ? get_cli_host()->getMac() : NULL;
 Mac *srv_mac = get_srv_host() ? get_srv_host()->getMac() : NULL;
- if(update_flow_port_stats) {
- bool dump_flow = false;
-
- if(protocol == IPPROTO_TCP) {
- /*
- update the ports only if the flow has been observed from the beginning
- and it has been established
- */
- dump_flow = ((src2dst_tcp_flags|dst2src_tcp_flags) & (TH_SYN|TH_PUSH)) == (TH_SYN|TH_PUSH);
- } else if(protocol == IPPROTO_UDP) {
- if(
- (srv_host && srv_host->get_ip()->isBroadMulticastAddress())
- || (get_packets_srv2cli() > 0 /* We see a response, hence we assume this is not a probing attempt */)
- )
- dump_flow = true;
- }
-
-#if 0
- char buf[128];
-
- ntop->getTrace()->traceEvent(TRACE_NORMAL, "[%s][%u/%u] %s",
- dump_flow ? "DUMP" : "",
- get_packets_cli2srv(), get_packets_srv2cli(),
- print(buf, sizeof(buf)));
-#endif
-
- if(dump_flow && (srv_port != 0)) {
- u_int16_t p = ndpiDetectedProtocol.master_protocol;
- u_int16_t port = ntohs(srv_port);
-
- if(p == NDPI_PROTOCOL_UNKNOWN)
- p = ndpiDetectedProtocol.app_protocol;
-
- if(cli_host && cli_host->isLocalHost())
- cli_host->setFlowPort(false /* client */, srv_host, protocol, port, p,
- getFlowInfo() ? getFlowInfo() : "",
- iface->getTimeLastPktRcvd());
-
- if(srv_host && srv_host->isLocalHost())
- srv_host->setFlowPort(true /* server */, cli_host, protocol, port, p,
- getFlowInfo() ? getFlowInfo() : "",
- iface->getTimeLastPktRcvd());
-
-#if 0
- char buf[128];
-
- ntop->getTrace()->traceEvent(TRACE_NORMAL, "%s", print(buf, sizeof(buf)));
-#endif
- }
-
- update_flow_port_stats = false;
- }
-
 hosts_periodic_stats_update(getInterface(), cli_host, srv_host, &partial, first_partial, tv);
 if(cli_host && srv_host) {
diff --git a/src/LocalHost.cpp b/src/LocalHost.cpp
index c2c5faea69b4..ffc9219e6d80 100644
--- a/src/LocalHost.cpp
+++ b/src/LocalHost.cpp
@@ -238,27 +238,6 @@ void LocalHost::lua(lua_State* vm, AddressTree *ptree,
 /* *************************************** */
-void LocalHost::luaPortsDump(lua_State* vm) {
- lua_newtable(vm);
-
- lua_newtable(vm);
- ports2Lua(vm, true, true);
- ports2Lua(vm, true, false);
- lua_pushstring(vm, "udp");
- lua_insert(vm, -2);
- lua_settable(vm, -3);
-
- lua_newtable(vm);
- ports2Lua(vm, false, true);
- ports2Lua(vm, false, false);
- lua_pushstring(vm, "tcp");
- lua_insert(vm, -2);
- lua_settable(vm, -3);
-
-}
-
-/* *************************************** */
-
 // TODO move into nDPI
 void LocalHost::inlineSetOSDetail(const char *_os_detail) {
 if((mac == NULL)
@@ -351,73 +330,6 @@ char * LocalHost::getIpBasedSerializationKey(char *redis_key, size_t size) {
 /* *************************************** */
-void LocalHost::ports2Lua(lua_State* vm, bool proto_udp, bool as_client) {
- std::map *s = as_client ? (proto_udp ? &udp_client_ports : &tcp_client_ports) : (proto_udp ? &udp_server_ports : &tcp_server_ports);
-
- if(s->size() > 0) {
- std::map::iterator it;
-
- lua_newtable(vm);
-
- m.lock(__FILE__, __LINE__);
-
- for(it = s->begin(); it != s->end(); ++it) {
- char buf[8];
-
- snprintf(buf, sizeof(buf), "%u", it->first);
-
- lua_newtable(vm);
-
- it->second.lua(vm, iface);
-
- lua_pushstring(vm, buf);
- lua_insert(vm, -2);
- lua_settable(vm, -3);
- }
-
- m.unlock(__FILE__, __LINE__);
-
- lua_pushstring(vm, as_client ? "client_ports" : "server_ports");
- lua_insert(vm, -2);
- lua_settable(vm, -3);
- }
-}
-
-/* *************************************** */
-
-void LocalHost::updateFlowPort(std::map *c, Host *peer,
- u_int16_t port, u_int16_t l7_proto,
- const char *info, time_t when) {
- std::map::iterator it = c->find(port);
-
- if(it == c->end())
- (*c)[port] = PortContactStats(l7_proto, peer, info, when);
- else
- it->second.update(peer, info, when);
-}
-
-/* *************************************** */
-
-void LocalHost::setFlowPort(bool as_server, Host *peer, u_int8_t protocol,
- u_int16_t port, u_int16_t l7_proto,
- const char *info, time_t when) {
- m.lock(__FILE__, __LINE__);
- if(as_server) {
- if(protocol == IPPROTO_UDP)
- updateFlowPort(&udp_server_ports, peer, port, l7_proto, info, when);
- else
- updateFlowPort(&tcp_server_ports, peer, port, l7_proto, info, when);
- } else {
- if(protocol == IPPROTO_UDP)
- updateFlowPort(&udp_client_ports, peer, port, l7_proto, info, when);
- else
- updateFlowPort(&tcp_client_ports, peer, port, l7_proto, info, when);
- }
- m.unlock(__FILE__, __LINE__);
-}
-
-/* *************************************** */
-
 /*
 * Reload non-critical host prefs.
Such prefs are not reloaded inline to
 * avoid slowing down the packet capture. The default value (set into the
diff --git a/src/LuaEngine.cpp b/src/LuaEngine.cpp
index 91e72aeda24f..6a83a06fbe4f 100644
--- a/src/LuaEngine.cpp
+++ b/src/LuaEngine.cpp
@@ -3226,35 +3226,6 @@ static int ntop_get_interface_host_info(lua_State* vm) {
 /* ****************************************** */
-static int ntop_get_interface_host_used_ports(lua_State* vm) {
- NetworkInterface *ntop_interface = getCurrentInterface(vm);
- char *host_ip;
- u_int16_t vlan_id = 0;
- char buf[64];
- Host *h;
-
- ntop->getTrace()->traceEvent(TRACE_DEBUG, "%s() called", __FUNCTION__);
-
- if(ntop_lua_check(vm, __FUNCTION__, 1, LUA_TSTRING) != CONST_LUA_OK) return(CONST_LUA_ERROR);
- get_host_vlan_info((char*)lua_tostring(vm, 1), &host_ip, &vlan_id, buf, sizeof(buf));
-
- /* Optional VLAN id */
- if(lua_type(vm, 2) == LUA_TNUMBER) vlan_id = (u_int16_t)lua_tonumber(vm, 2);
-
- if(!ntop_interface) return(CONST_LUA_ERROR);
-
- h = ntop_interface->findHostByIP(get_allowed_nets(vm), host_ip, vlan_id);
-
- if(!h)
- return(CONST_LUA_ERROR);
- else {
- h->luaPortsDump(vm);
- return(CONST_LUA_OK);
- }
-}
-
-/* ****************************************** */
-
 static int ntop_get_interface_host_timeseries(lua_State* vm) {
 NetworkInterface *ntop_interface = getCurrentInterface(vm);
 char *host_ip;
@@ -11409,7 +11380,6 @@ static const luaL_Reg ntop_interface_reg[] = {
 { "getBatchedRemoteHostsInfo", ntop_get_batched_interface_remote_hosts_info },
 { "getBatchedLocalHostsTs", ntop_get_batched_interface_local_hosts_ts },
 { "getHostInfo", ntop_get_interface_host_info },
- { "getHostUsedPorts", ntop_get_interface_host_used_ports },
 { "getHostTimeseries", ntop_get_interface_host_timeseries },
 { "getHostCountry", ntop_get_interface_host_country },
 { "getGroupedHosts", ntop_get_grouped_interface_hosts },